Winbind/RH7.1...More Help
Sean Trammell
strammell at siumed.edu
Mon Oct 22 10:33:03 GMT 2001
Someone correct me if I am wrong, but I think that this really is a PAM
problem. There are several things that I can think of offhand, either
samba was not compiled --with-pam or samba is not configured correctly
or the appropriate PAM module is not configured correctly. We need more
information, are you getting any errors in /var/log/messages? PAM
problems are logged there on my Redhat 7.1 system. Also, did you use an
RPM or did you compile samba from source? If it was source, did you use
--with-pam when configuring? If that fails you could post the relevant
lines of your smb.conf file (probably most the global section). What is
the OS of your password server?
-Sean
Winston Nimchan wrote:
>
> hey:
>
> got pass that stage. wbinfo & getent returns the values as expected.
>
> However my Windoze client are prompting for username/password and
> nothing I enter is being accepted. Any ideas?
>
> Regards
>
> Winston Nimchan
>
> -----Original Message-----
> From: David Brodbeck [mailto:DavidB at mail.interclean.com]
> Sent: Monday, October 22, 2001 12:59 PM
> To: Winston Nimchan; Sean Trammell
> Cc: samba at lists.samba.org
> Subject: RE: Winbind/RH7.1...More Help
>
> I don't think this is a PAM problem. 'getent' relies on the nsswitch
> mechanism but I don't think it relies on PAM.
>
> -----Original Message-----
> From: Winston Nimchan [mailto:Winston_Nimchan at trinsys.com]
> Sent: Friday, October 19, 2001 3:08 PM
> To: Sean Trammell
> Cc: samba at lists.samba.org
> Subject: RE: Winbind/RH7.1...More Help
>
> Tried all the suggestions and still can't see my domain users/groups
> with getent
> secret is good and message has nothing abnormal bout PAM
>
> Winston
>
> -----Original Message-----
> From: Sean Trammell [mailto:strammell at siumed.edu]
> Sent: Friday, October 19, 2001 10:54 AM
> To: Winston Nimchan
> Cc: samba at lists.samba.org
> Subject: Re: Winbind/RH7.1...More Help
>
> That is most likely a PAM problem, you need to create/modify a file at:
> /etc/pam.d/samba
>
> so that authentication will work against your domain (only for the
> samba service, logging into your linux computer is a different
> service). Be very careful with PAM, you can lock yourself out of your
> machine if it is misconfigured. For example, my /etc/pam.d/samba file
> looks like this:
>
> auth required /lib/security/pam_securetty.so
> auth required /lib/security/pam_nologin.so
> auth sufficient /lib/security/pam_winbind.so
> auth required /lib/security/pam_pwdb.so use_first_pass
> shadow nullok
> account required /lib/security/pam_winbind.so
> session required /lib/security/pam_pwdb.so
> password required /lib/security/pam_pwdb.so
>
> Check to make sure that PAM is configured correctly for samba here,
> and then you can check the error log at /var/log/messages for any
> errors relating to PAM if it still won't work. Also make sure
> that the pam module pam_winbind.so is in place in /lib/security.
>
> Login is a separate module (not samba), you would need to modify
> another module config to do that.
>
> -Sean
>
> Winston Nimchan wrote:
> >
> > The winbind now works...my getent passwd & groups returns the domain
> > users/groups
> >
> > What should be the next step? my clients (Win2K & Win9x) are still
> > prompting for a password and I cannot login to my linux box using
> > DOMAIN*domainuser.
> >
> > Must I add each domain user as a user on the linux box?
> >
> > Regards
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list